PsExec.exe
UAC Bypass
Actors will attempt to spawn a remote or local CMD with SYSTEM level privileges to bypass UAC/Privilege escalation.
Execute Remote Commands
This command executes IpConfig on the remote system with the /all
switch, and displays the resulting output locally:
If you omit a user name, the process will run in the context of your account on the remote system, but will not have access to network resources (because it is impersonating). Specify a valid user name in the Domain\User
syntax if the remote process requires access to network resources or to run in a different account. Note that the password and command are encrypted in transit to the remote system.
Forensics:
Last updated